Add k8up-backup and matrix-registration charts

2025-05-19 13:51:07 -06:00 · 2025-05-19 13:51:07 -06:00 · a714d65fff
commit a714d65fff
parent ca5643bfcc
12 changed files with 232 additions and 0 deletions
--- a/charts/k8up-backup/Chart.yaml
+++ b/charts/k8up-backup/Chart.yaml
@ -0,0 +1,6 @@
+apiVersion: v2
+name: k8up-backup
+description: A Helm chart for a k8up backup
+
+type: application
+version: 0.0.3
--- a/charts/k8up-backup/templates/backup.yaml
+++ b/charts/k8up-backup/templates/backup.yaml
@ -0,0 +1,23 @@
+# {{- if .Values.oneTimeBackup }}
+
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  failedJobsHistoryLimit: 2
+  successfulJobsHistoryLimit: 2
+  backend:
+    repoPasswordSecretRef:
+      name: "{{ .Release.Name }}-repopassword"
+      key: password
+    s3:
+      endpoint: "{{ .Values.endpoint }}"
+      bucket: "{{ .Values.bucket }}"
+      accessKeyIDSecretRef:
+         name: "{{ .Release.Name }}-credentials"
+         key: id
+      secretAccessKeySecretRef:
+         name: "{{ .Release.Name }}-credentials"
+         key: key    
+# {{- end }}
--- a/charts/k8up-backup/templates/schedule.yaml
+++ b/charts/k8up-backup/templates/schedule.yaml
@ -0,0 +1,35 @@
+# {{- if not .Values.oneTimeBackup }}
+apiVersion: k8up.io/v1
+kind: Schedule
+metadata:
+  name: "{{ .Release.Name }}-schedule"
+spec:
+  backend:
+    repoPasswordSecretRef:
+      name: "{{ .Release.Name }}-repopassword"
+      key: password
+    s3:
+      endpoint: "{{ .Values.endpoint }}"
+      bucket: "{{ .Values.bucket }}"
+      accessKeyIDSecretRef:
+         name: "{{ .Release.Name }}-credentials"
+         key: id
+      secretAccessKeySecretRef:
+         name: "{{ .Release.Name }}-credentials"
+         key: key    
+  backup:
+    schedule: '@hourly-random'
+    failedJobsHistoryLimit: 2
+    successfulJobsHistoryLimit: 1
+  check:
+    schedule: '@daily-random'
+    failedJobsHistoryLimit: 2
+    successfulJobsHistoryLimit: 1
+  prune:
+    schedule: '@weekly-random'
+    failedJobsHistoryLimit: 2
+    successfulJobsHistoryLimit: 1
+    retention:
+      keepLast: 5
+      keep Daily: 14
+# {{- end }}
--- a/charts/k8up-backup/templates/secrets.yaml
+++ b/charts/k8up-backup/templates/secrets.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Release.Name }}-credentials"
+data:
+  id: "{{ .Values.credentials.id | b64enc}}"
+  key: "{{ .Values.credentials.key | b64enc}}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Release.Name }}-repopassword"
+data:
+  password: "{{ .Values.repoPassword | b64enc}}"
--- a/charts/k8up-backup/values.yaml
+++ b/charts/k8up-backup/values.yaml
@ -0,0 +1,8 @@
+# endpoint: 
+# bucket
+# repoPassword:
+# credentials:
+#   id:
+#   key:
+  
+oneTimeBackup: false
--- a/charts/matrix-registration/Chart.yaml
+++ b/charts/matrix-registration/Chart.yaml
@ -0,0 +1,8 @@
+apiVersion: v2
+name: matrix-registration
+description: A Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+
+appVersion: "0.9.1"
--- a/charts/matrix-registration/templates/config.yaml
+++ b/charts/matrix-registration/templates/config.yaml
@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+data:
+  config.yaml: |
+    server_location: {{ .Values.serverLocation }}
+    server_name: {{ .Values.serverName }}
+    registration_shared_secret: {{ .Values.registrationSharedSecret }}
+    admin_api_shared_secret: {{ .Values.adminApiSharedSecret }}
+    base_url: {{ .Values.serverBaseUrl }}
+    client_redirect: 'https://app.element.io/#/login'
+    client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
+    db: 'sqlite:///{cwd}db.sqlite3'
+    host: '0.0.0.0'
+    port: 5000
+    rate_limit: ["100 per day", "10 per minute"]
+    allow_cors: false
+    ip_logging: false
+    logging:
+      disable_existing_loggers: false
+      version: 1
+      root:
+        level: DEBUG
+        handlers: [console]
+      formatters:
+        brief:
+          format: '%(name)s - %(levelname)s - %(message)s'
+        precise:
+          format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+      handlers:
+        console:
+          class: logging.StreamHandler
+          level: INFO
+          formatter: brief
+          stream: ext://sys.stdout
+        file:
+          class: logging.handlers.RotatingFileHandler
+          formatter: precise
+          level: INFO
+          filename: m_reg.log
+          maxBytes: 10485760 # 10MB
+          backupCount: 3
+          encoding: utf8
+    # password requirements
+    password:
+      min_length: 8
+    # username requirements
+    username:
+      validation_regex: [] #list of regexes that the selected username must match.        Example: '[a-zA-Z]\.[a-zA-Z]'
+      invalidation_regex: ['(admin|support|password)'] #list of regexes that the selected username must NOT match.  Example: '(admin|support)'
+
--- a/charts/matrix-registration/templates/deployment.yaml
+++ b/charts/matrix-registration/templates/deployment.yaml
@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      name: matrix-registration
+      app: matrix-registration
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: matrix-registration
+        app: matrix-registration
+    spec:
+      securityContext: {}
+      containers:
+      - image: zeratax/matrix-registration:{{ printf "v%s" .Chart.AppVersion }}
+        imagePullPolicy: IfNotPresent
+        name: matrix-registration
+        args: ["serve"]
+        ports:
+        - containerPort: 5000
+          name: web
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /data/config
+          name: matrix-registration
+      restartPolicy: Always
+      volumes:
+      - name: matrix-registration
+        configMap:
+          name: {{ printf "%s-matrix-registration" .Release.Name }}
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ printf "%s-matrix-registration" .Release.Name }}
--- a/charts/matrix-registration/templates/pvc.yaml
+++ b/charts/matrix-registration/templates/pvc.yaml
@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage:  100M
--- a/charts/matrix-registration/templates/route.yaml
+++ b/charts/matrix-registration/templates/route.yaml
@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`goatchat.ca`) && PathPrefix(`/gate/`)
+    kind: Rule
+    services:
+    - kind: Service
+      name: {{ printf "%s-matrix-registration" .Release.Name }}
+      port: 5000
+  tls:
+    certResolver: letsencrypt
--- a/charts/matrix-registration/templates/service.yaml
+++ b/charts/matrix-registration/templates/service.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+  selector:
+    app: matrix-registration
+  ports:
+    - name: web
+      protocol: TCP
+      port: 5000
--- a/charts/matrix-registration/values.yaml
+++ b/charts/matrix-registration/values.yaml
@ -0,0 +1,5 @@
+# serverLocation:
+# serverName:
+# serverBaseUrl:
+# registrationSharedSecret:
+# adminApiSharedSecret: